I have set up nginx limit_req_zone to limit requests to my webserver. I also added geo to whitelist certain IPs so the request limit does not affect those IPs.
The problem is that once I test it with ap
it applies that request limit to the whitelisted IPs and everything else is not limited.
Rate limit config:
geo $limited {
    default     1;
    10.2.3.0/24 0;
}

map $limited $limit {
    1 $binary_remote_addr;
    0 "";
}

limit_req_zone $limit zone=r_local:10m rate=50r/s;
Vhost config:
server {
    listen x.x.x.x:80;
    server_name www.local.dev dev.local.lan;
    access_log syslog:info syslog;
    error_log syslog:err;

    if ($host ~* ^local\.dev$) {
        rewrite ^/(.*)$ http://www.local.dev/$1;
    }
    if ($host ~* ^www\.local\.live$) {
        rewrite ^/(.*)$ /norlimit/$1 break;
    }
    if ($http_user_agent ~ (Googlebot|msnbot)) {
        rewrite ^/(.*)$ /norlimit/$1 break;
    }

    more_clear_headers 'Server';
    more_clear_headers 'Pragma';

    location /norlimit/ {
        rewrite ^/norlimit/(.*)$ /$1 break;
        include proxy_headers.conf;
        proxy_set_header X-Secure False;
        proxy_pass http://local_dev_www/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
        internal;
    }

    location / {
        # zone name must match the one declared in limit_req_zone (r_local)
        limit_req zone=r_local burst=60 nodelay;
        include proxy_headers.conf;
        proxy_set_header X-Secure False;
        proxy_pass http://local_dev_www/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
    }

    location /api/ {
        include proxy_headers.conf;
        proxy_set_header X-Secure False;
        proxy_pass http://local_dev_www/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
    }

    location /inc/ {
        include proxy_headers.conf;
        proxy_pass http://local_dev_www/inc/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
    }

    location /i/ {
        include proxy_headers.conf;
        proxy_pass http://local_dev_www/i/;
        proxy_next_upstream error timeout invalid_header http_500 http_503;
    }

    location /i/xml/ {
        return 403;
    }
    location /i/banners/ {
        return 403;
    }
    location /id/ {
        return 403;
    }
}
I want to remove the request limit from the whitelisted IPs and limit requests from anything else, but at the moment it works the other way around: it limits requests from the whitelisted IPs and any other IP is not limited.
0 Answers
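The geo/map/limit_req chain in the question is the pattern the nginx documentation gives for exempting addresses: geo yields 0 for the whitelist and 1 for everyone else, map turns 1 into $binary_remote_addr and 0 into an empty string, and limit_req does nothing for a request whose key is empty. The following is an added example, not the poster's configuration or nginx code: a small Python model of that chain plus nginx's documented leaky-bucket arithmetic for rate=50r/s with burst=60 nodelay, so the expected admit/reject counts for a whitelisted and a non-whitelisted client can be seen before testing against the real server. The whitelist network, the client addresses and the timing are constructed; it assumes the limit_req directive names the same zone that limit_req_zone declares.

```python
import ipaddress

# Constructed whitelist mirroring the question's geo block: 10.2.3.0/24 -> 0 (not limited),
# every other address -> 1 (limited). Replace with your own networks.
WHITELIST = [ipaddress.ip_network("10.2.3.0/24")]


def limit_key(remote_addr: str) -> str:
    """Model the geo $limited -> map $limit chain.

    Returns "" for whitelisted clients (limit_req skips a request whose key is
    empty) and the packed client address otherwise, standing in for
    $binary_remote_addr.
    """
    addr = ipaddress.ip_address(remote_addr)
    if any(addr in net for net in WHITELIST):
        return ""
    return addr.packed.hex()


class LimitReqZone:
    """Leaky-bucket model of limit_req_zone rate=Nr/s used with limit_req burst=B nodelay.

    Follows nginx's documented behaviour using integer milli-requests, as nginx
    does: each request adds 1000 to the key's excess, the excess drains by
    rate_rps per millisecond, and a request is rejected (503) when the excess
    would exceed burst*1000. With nodelay, admitted requests are served at once
    rather than being queued to smooth them out to the rate.
    """

    def __init__(self, rate_rps: int, burst: int):
        self.rate_rps = rate_rps
        self.burst_milli = burst * 1000
        self.state = {}  # key -> (last_ms, excess_milli)

    def check(self, key: str, now_ms: int) -> bool:
        """Return True if the request is admitted, False if it would get a 503."""
        if key == "":
            return True  # empty key: whitelisted client, limit_req does nothing
        if key not in self.state:
            self.state[key] = (now_ms, 0)  # first request for this key is always admitted
            return True
        last_ms, excess = self.state[key]
        excess = max(0, excess - self.rate_rps * (now_ms - last_ms)) + 1000
        if excess > self.burst_milli:
            return False  # rejected; nginx leaves the stored state untouched
        self.state[key] = (now_ms, excess)
        return True


def simulate(zone: LimitReqZone, remote_addr: str, n: int, now_ms: int) -> tuple:
    """Send n requests from remote_addr at the same instant; return (admitted, rejected)."""
    key = limit_key(remote_addr)
    admitted = sum(zone.check(key, now_ms) for _ in range(n))
    return admitted, n - admitted


if __name__ == "__main__":
    zone = LimitReqZone(rate_rps=50, burst=60)
    # Constructed client addresses: one inside the whitelist, one outside.
    for ip in ("10.2.3.7", "203.0.113.9"):
        print(ip, simulate(zone, ip, 200, 0))
    # One second later the non-whitelisted client has drained 50 requests of excess.
    print("203.0.113.9 after 1s", simulate(zone, "203.0.113.9", 200, 1000))
```

With these settings a burst of 200 instantaneous requests from the whitelisted address is fully admitted, while the same burst from any other address admits 61 (the first request plus the 60 of burst) and rejects 139; a second burst one second later admits exactly 50 more, which is the configured rate. Against the real server the equivalent check is to fire the same two bursts from one whitelisted and one non-whitelisted source address and compare the 503 counts with the `limiting requests` lines nginx writes to the error log; if the counts come out the other way around, the first thing to verify is that the address nginx sees as $remote_addr (for example behind another proxy) is the one you put in the geo block.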